Lucene search
K

429 matches found

CNNVD
CNNVD
added 2023/09/27 12:0 a.m.7 views

Zoho ManageEngine ADManager Plus Authorization Issues Vulnerability

ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...

5.4CVSS6.8AI score0.01988EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/26 12:0 a.m.15 views

CVE-2023-41904

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass for AuthToken generation in REST APIs...

7AI score0.01988EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.5 views

PT-2023-28159 · Zoho · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADManager Plus versions prior to 7203 Description: The issue allows 2FA bypass for AuthToken generation in REST APIs. Recommendations: For versions prior to 7203, update to version 7203 or later to resolve the issue. As a...

5.4CVSS5.3AI score0.01988EPSS
Exploits0References4
CVE
CVE
added 2023/09/26 12:0 a.m.2503 views

CVE-2023-41904

CVE-2023-41904 affects Zoho ManageEngine ADManager Plus prior to version 7203, where the REST APIs suffer a 2FA bypass in AuthToken generation. This enables unauthorized access via REST endpoints, per multiple sources. Remediation is to upgrade to version 7203 or later; as a temporary measure, re...

5.4CVSS5.5AI score0.01988EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/13 12:0 a.m.7 views

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services stems from deficiencies in access control. This allows attackers to execute arbitrary commands with superuser privileges.

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with superuser privileges remotely...

9CVSS7.4AI score0.11634EPSS
Exploits1References2
NVD
NVD
added 2023/09/11 7:15 p.m.27 views

CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.2CVSS7.2AI score0.11634EPSS
Exploits1References1
Prion
Prion
added 2023/09/11 7:15 p.m.19 views

Command injection

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

5.8CVSS7.1AI score0.11634EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/11 12:0 a.m.7 views

CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.3AI score0.11634EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/09/11 12:0 a.m.29 views

CVE-2023-38743

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

7.3AI score0.11634EPSS
Exploits1References1
CVE
CVE
added 2023/09/11 12:0 a.m.87 views

CVE-2023-38743

CVE-2023-38743 affects ManageEngine ADManager Plus prior to Build 7200. A command-injection leads to remote code execution via installServiceWithCredentials due to improper validation of a user-supplied string used in a system call. Auth is required per ZDI advisory. Affected versions: before Bui...

7.2CVSS7.1AI score0.11634EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.77 views

ManageEngine ADManager Plus < Build 7203 File Disclosure

Zoho ManageEngine ADManager Plus before version 7.2 Build 7203 is affected by a file disclosure vulnerability that allows admin users to download any file from the server machine via directory traversal. Note that Nessus has not tested for this issue but has instead relied only on the application...

4.9CVSS5.4AI score0.04041EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/09/04 12:0 a.m.6 views

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services stems from deficiencies in access control. This allows unauthorized users to gain unauthorized access to protected information.

The vulnerability of the Zoho ManageEngine ADManager Plus software for managing Active Directory services is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

7.5CVSS5.5AI score0.04041EPSS
Exploits0References3
NVD
NVD
added 2023/08/31 11:15 p.m.21 views

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

4.9CVSS5.1AI score0.04041EPSS
Exploits0References2
OSV
OSV
added 2023/08/31 11:15 p.m.7 views

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

4.9CVSS5.9AI score0.04041EPSS
Exploits0References2
Prion
Prion
added 2023/08/31 11:15 p.m.26 views

Code injection

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

3.3CVSS5AI score0.04041EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/31 12:0 a.m.23 views

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

5.3AI score0.04041EPSS
Exploits0References2
CVE
CVE
added 2023/08/31 12:0 a.m.79 views

CVE-2023-39912

CVE-2023-39912 (Zoho ManageEngine ADManager Plus) affects pre-7203 builds of ManageEngine ADManager Plus. Multiple sources describe a file disclosure/vector: administrators/Help Desk Technician can read arbitrary files on the server, via directory traversal or improper path validation in the down...

4.9CVSS5AI score0.04041EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/31 12:0 a.m.2 views

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

7AI score0.04041EPSS
Exploits0References2
Prion
Prion
added 2023/08/28 8:15 p.m.37 views

Spoofing

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange...

5.1CVSS9.3AI score0.02434EPSS
Exploits0References2Affected Software17
CVE
CVE
added 2023/08/28 12:0 a.m.132 views

CVE-2023-35785

CVE-2023-35785 is a TFA bypass vulnerability affecting Zoho ManageEngine Active Directory 360, ADAudit Plus, ADManager Plus, Asset Explorer, Cloud Security Plus, Data Security Plus, Eventlog Analyzer, Exchange Reporter Plus, Log360, Log360 UEBA, M365 Manager/Security Plus, Recovery Manager Plus, ...

8.1CVSS8AI score0.02434EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder